Add SELinux certbot_acmesh bool for Certbot DNS-01

2026-01-25 15:59:36 -05:00
parent cb828bdf53
commit e7dd861d7a


@@ -91,6 +91,19 @@
mode: "0755" mode: "0755"
when: proxy.production is defined and proxy.production when: proxy.production is defined and proxy.production
- name: Enable SELinux bool certbot_acmesh to allow sh access for DNS-01
ansible.posix.seboolean:
name: certbot_acmesh
state: true
persistent: true
when:
- selinux is defined
- selinux is not false
- proxy is defined
- proxy.production is defined
- proxy.production
- proxy.dns_cloudflare is defined
- name: Run Cloudflare DNS-01 challenges on wildcard domains - name: Run Cloudflare DNS-01 challenges on wildcard domains
ansible.builtin.shell: '/usr/bin/certbot certonly \ ansible.builtin.shell: '/usr/bin/certbot certonly \
--non-interactive \ --non-interactive \
@@ -108,7 +121,7 @@
when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined
notify: reload_nginx notify: reload_nginx
- name: Enable httpd_can_network_connect to allow nginx network access - name: Enable SELinux bool httpd_can_network_connect to give nginx networking
ansible.posix.seboolean: ansible.posix.seboolean:
name: httpd_can_network_connect name: httpd_can_network_connect
state: true state: true
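Review bot: Nothing in the new `certbot_acmesh` task (inserted before "Run Cloudflare DNS-01 challenges") records which denial made the boolean necessary, and `persistent: true` leaves certbot's SELinux confinement relaxed even if `proxy.dns_cloudflare` is later removed from the inventory. I would add a comment above the task, for example `# certbot_acmesh: required because the DNS-01 run spawns a shell from certbot's domain; re-check against the audit log before keeping it`, so the exception can be reviewed later. The guard `selinux is not false` tests an inventory variable rather than the host's actual state, and it only excludes the literal boolean `false`, so a string or mapping value would still pass. If that variable is not strictly a boolean (its definition is outside these hunks), a fact-based condition such as `- ansible_facts.selinux.status == 'enabled'` would be more reliable. The same guard question may apply to the `httpd_can_network_connect` task, whose `when:` is not visible here.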